Threat Information for "Win32.HLLW.Bropia"
| Summary | Top |
- Name: Win32.HLLW.Bropia
- Aliases:
- Date Discovered: 2007-01-31
- Protection Added: 2007-02-12
| Description | Top |
-- Ease of Removal 1: Consistently named 2: Consistent file contents 3: Creates new registry entries with consistent data 4: Runs as a service 5: Uses running processes -- Privacy Risks/Security Changes 1: Mimics legitimate file names -- Damage/Intrusion/Annoyance 1: Modifies non-critical registry entries 2: Significantly slows down the computer 3: Displays deceptive error messages 4: Creates new files 5: Downloads other threats -- Propagation/Saturation 1: Spreads to other computers on the same network 2: Infects through a blind IP address attack 3: Installed by other infections
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\taskgmgr.exe - Added Directory/File:
FilePath: %ROOTDRIVE%*._eac_qt_ MD5: 1742815af74d46f73e2a23122505aa62 - Added Directory/File:
FilePath: %ROOTDRIVE%hellmsn.exe - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: WINMGR - Added Registry Value:
Key: HKCU\Software\Microsoft\OLE Value: WINMGR - Added Registry Value:
Key: HKU\S-*\SYSTEM\CurrentControlSet\Control\Lsa Value: WINMGR - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: WINMGR - Added Registry Value:
Key: HKLM\SOFTWARE\Microsoft\OLE Value: WINMGR - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: WINMGR - Added Registry Value:
Key: HKU\S-*\Software\Microsoft\OLE Value: WINMGR - Added Registry Value:
Key: HKCU\SYSTEM\CurrentControlSet\Control\Lsa Value: WINMGR - Added Registry Value:
Key: HKLM\SYSTEM\CurrentControlSet\Control\Lsa Value: WINMGR - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: WINMGR
